Diffstat (limited to 'firmware/2lib/include')
-rw-r--r-- | firmware/2lib/include/2api.h | 30 | ||||
-rw-r--r-- | firmware/2lib/include/2crypto.h | 31 | ||||
-rw-r--r-- | firmware/2lib/include/2return_codes.h | 3 | ||||
-rw-r--r-- | firmware/2lib/include/2sha.h | 3 | ||||
-rw-r--r-- | firmware/2lib/include/2struct.h | 32 |
5 files changed, 68 insertions, 31 deletions
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index 1ce6a09f..0c5792d8 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -21,6 +21,7 @@
 #define VBOOT_2_API_H_
 #include <stdint.h>
+#include "2crypto.h"
 #include "2fw_hash_tags.h"
 #include "2guid.h"
 #include "2recovery_reasons.h"
@@ -364,4 +365,33 @@ int vb2ex_read_resource(struct vb2_context *ctx,
 uint32_t size);
 void vb2ex_printf(const char *func, const char *fmt, ...);
+
+/**
+ * Initialize the hardware crypto engine to calculate a block-style digest.
+ *
+ * @param hash_alg Hash algorithm to use
+ * @param data_size Expected total size of data to hash
+ * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
+ */
+int vb2ex_hwcrypto_digest_init(enum vb2_hash_algorithm hash_alg,
+ uint32_t data_size);
+
+/**
+ * Extend the hash in the hardware crypto engine with another block of data.
+ *
+ * @param buf Next data block to hash
+ * @param size Length of data block in bytes
+ * @return VB2_SUCCESS, or non-zero error code.
+ */
+int vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
+
+/**
+ * Finalize the digest in the hardware crypto engine and extract the result.
+ *
+ * @param digest Destination buffer for resulting digest
+ * @param digest_size Length of digest buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code.
+ */
+int vb2ex_hwcrypto_digest_finalize(uint8_t *digest, uint32_t digest_size);
+
 #endif /* VBOOT_2_API_H_ */
diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h
index e930de84..559a8ed1 100644
--- a/firmware/2lib/include/2crypto.h
+++ b/firmware/2lib/include/2crypto.h
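Review bot: The three new vb2ex_hwcrypto_digest_* prototypes at the end of 2api.h take no context argument, so the engine state is implicitly global, yet the doc comments do not state the contract at the edges. For a verified-boot hash path the comments should say that only one digest may be in flight between init and finalize, and that `VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED` (spelled in full rather than `HWCRYPTO_UNSUPPORTED`) is the only init result that allows falling back to the software hash, with every other non-zero value treated as a failure. They should also require finalize to return an error, not a truncated or partial digest, when `digest_size` is smaller than the algorithm's output or when the bytes passed to extend do not add up to `data_size`. Whether implementations already behave this way cannot be seen from this header-only diff.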
@@ -28,4 +28,35 @@ enum vb2_crypto_algorithm {
 VB2_ALG_COUNT
 };
+/* Algorithm types for signatures */
+enum vb2_signature_algorithm {
+ /* Invalid or unsupported signature type */
+ VB2_SIG_INVALID = 0,
+
+ /*
+ * No signature algorithm. The digest is unsigned. See
+ * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
+ */
+ VB2_SIG_NONE = 1,
+
+ /* RSA algorithms of the given length in bits (1024-8192) */
+ VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */
+ VB2_SIG_RSA2048 = 3,
+ VB2_SIG_RSA4096 = 4,
+ VB2_SIG_RSA8192 = 5,
+};
+
+/* Algorithm types for hash digests */
+enum vb2_hash_algorithm {
+ /* Invalid or unsupported digest type */
+ VB2_HASH_INVALID = 0,
+
+ /* SHA-1. Warning: This is likely to be deprecated soon! */
+ VB2_HASH_SHA1 = 1,
+
+ /* SHA-256 and SHA-512 */
+ VB2_HASH_SHA256 = 2,
+ VB2_HASH_SHA512 = 3,
+};
+
 #endif /* VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ */
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index 2cffc56f..53e0102b 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -446,6 +446,9 @@ enum vb2_return_code {
 /* TPM clear owner not implemented */
 VB2_ERROR_EX_TPM_CLEAR_OWNER_UNIMPLEMENTED,
+ /* Hardware crypto engine doesn't support this algorithm (non-fatal) */
+ VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED,
+
 /**********************************************************************
 * Errors generated by host library (non-firmware) start here.
diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h
index 58792369..221d1856 100644
--- a/firmware/2lib/include/2sha.h
+++ b/firmware/2lib/include/2sha.h
@@ -78,6 +78,9 @@ struct vb2_digest_context {
 /* Current hash algorithm */
 enum vb2_hash_algorithm hash_alg;
+
+ /* 1 if digest is computed with vb2ex_hwcrypto routines, else 0 */
+ int using_hwcrypto;
 };
 /**
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index c0cd9071..5e2757b6 100644
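Review bot: The `VB2_SIG_NONE` comment moved into 2crypto.h still reads "See VB2_GUID_NONE_* above", but nothing visible in this header defines those GUIDs, so the pointer leads nowhere. The text was carried over verbatim from 2struct.h. Since this value marks a digest as unsigned, the comment is worth getting right; name the defining header instead, for example `See VB2_GUID_NONE_* in 2guid.h` (presumably where they live, as 2api.h includes that header; confirm before applying).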
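Review bot: The new `using_hwcrypto` field in struct vb2_digest_context (2sha.h) reads as a dispatch flag, but the comment does not say who is responsible for setting it. If a context is not zeroed before use, a stale non-zero value could route extend/finalize to the hardware engine without a matching init. I would extend the comment to something like `/* 1 if digest is computed with vb2ex_hwcrypto routines, else 0; must be written explicitly whenever the context is initialized */`. The initializing code lies outside this diff (limited to firmware/2lib/include), so this is a request to confirm rather than a confirmed defect; the struct definition also begins above the hunk.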
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -9,37 +9,7 @@
 #ifndef VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #define VBOOT_REFERENCE_VBOOT_2STRUCT_H_
 #include <stdint.h>
-
-/* Algorithm types for signatures */
-enum vb2_signature_algorithm {
- /* Invalid or unsupported signature type */
- VB2_SIG_INVALID = 0,
-
- /*
- * No signature algorithm. The digest is unsigned. See
- * VB2_GUID_NONE_* above for key GUIDs to use with this algorithm.
- */
- VB2_SIG_NONE = 1,
-
- /* RSA algorithms of the given length in bits (1024-8192) */
- VB2_SIG_RSA1024 = 2, /* Warning! This is likely to be deprecated! */
- VB2_SIG_RSA2048 = 3,
- VB2_SIG_RSA4096 = 4,
- VB2_SIG_RSA8192 = 5,
-};
-
-/* Algorithm types for hash digests */
-enum vb2_hash_algorithm {
- /* Invalid or unsupported digest type */
- VB2_HASH_INVALID = 0,
-
- /* SHA-1. Warning: This is likely to be deprecated soon! */
- VB2_HASH_SHA1 = 1,
-
- /* SHA-256 and SHA-512 */
- VB2_HASH_SHA256 = 2,
- VB2_HASH_SHA512 = 3,
-};
+#include "2crypto.h"
 /*
 * Key block flags. |